Response to Amendment

This office action is responsive to Applicant's amendment received on 
8/16/2006. Claims 1-20 remain pending. 

Response to Arguments 

Applicant's arguments, see sections c and d of the Remarks, filed 
8/16/2006, with respect to the rejection(s) of claim(s) 11-20 under 35 USC 102(b)
have been fully considered and are persuasive. Therefore, the rejection has 
been withdrawn. However, upon further consideration, a new ground(s) of 
rejection is made in view of Rothermel et al., (U.S. Patent No. 6,678,827 and 
Rothermel hereinafter). 

Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or 
composition of matter, or any new and useful improvement thereof, may obtain a patent 
therefor, subject to the conditions and requirements of this title. 

Claims 1-3 are rejected under 35 U.S.C. 101 because: 

Independent claim 1 merely recites a network reference model for use in
configuring security software on a computer network "comprising a database
engine providing deduction, a network information database associated with the
database engine and providing a central repository for a configuration of
hardware and software installed on the network, and a security goal database
associated with the database engine and describing uses that the hardware and
software installed on the network may support". Therefore, the language of claim
1 does not produce a useful tangible result.

Claims 4-10 are rejected under 35 U.S.C. 101 because: 
Independent claims 4 and 10 claim "a configuration tool" which is in
software. The claim limitation should instead read as "a configuration tool
implemented on a computer-readable medium".

Claims 2-3 and 5-9 are dependent on rejected base claims. 

Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 1-10 are rejected under 35 U.S.C. 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject 
matter which applicant regards as the invention. 

In claim 1, Applicant fails to particularly point out and distinctly claim the
network reference model. Claims 2-3 are rejected on the basis of being
dependent upon a rejected claim.

In claims 1, 4, and 10, the limitation "describing uses that the hardware
and software of the network may support" renders the scope of the limitation
indefinite. To convey the concept of permission, Applicant is advised to use
alternate language such as "describing the uses that the hardware and software
of the network are permitted to support".

In claims 6 and 10, the limitation "possible attacks" renders the scope of
the limitation indefinite. "Possible" is a term of degree; therefore, the limitation as
a whole fails to particularly point out and distinctly claim the subject matter which
applicant regards as the invention.

Claims 2-3, 5, and 7-9 are dependent on rejected base claims. 

Claim Rejections - 35 USC §102 

The following is a quotation of the appropriate paragraphs of 35
U.S.C. 102 that form the basis for the rejections under this section made in this
Office action:

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another 
filed in the United States before the invention thereof by the applicant for patent, or on an 
international application by another who has fulfilled the requirements of paragraphs (1), (2), 
and (4) of section 371(c) of this title before the invention thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors 
Protection Act of 1999 (AIPA) and the Intellectual Property and High Technology 
Technical Amendments Act of 2002 do not apply when the reference is a U.S. 
patent resulting directly or indirectly from an international application filed before 
November 29, 2000. Therefore, the prior art date of the reference is determined 
under 35 U.S.C. 102(e) prior to the amendment by the AIPA (pre-AIPA 35 U.S.C.
102(e)). 

Claims 11-20 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Rothermel et al., (U.S. Patent No. 6,678,827 and Rothermel hereinafter). 

Regarding claim 11, Rothermel discloses a method for configuring a
security software package installed on an individual network device, the method
comprising:

using active inference in a database engine (i.e., security policy manager
device - Fig. 1) to decompose one or more security policies for a class of
network devices into one or more security goals for the individual network device
(col. 10, lines 44-65), wherein the individual network device is a member of the
class of network devices (i.e., external, optional, and trusted devices based on 
defined networks: network 1, network 2, ...)(col. 6, lines 20-32); and 

configuring the security software package (i.e., security device software 
132 and 142) using the one or more security goals (i.e., NSD's specific security 
information)(col. 7, lines 3-56). 

Regarding claim 15, Rothermel discloses a method for configuring a 
security software package installed on an individual network device, the method 
comprising: 

using active inference in an object-oriented description logic database 
engine (i.e., security policy manager device - Fig. 1) to decompose one or more
security policies for a class of network devices into one or more security goals for
the individual network device (col. 10, lines 44-65), wherein the individual
network device is a member of the class of network devices (i.e., external,
optional, and trusted devices)(col. 6, lines 20-32); and

configuring the security software package using the one or more security
goals, wherein the security software package is selected from the group 
consisting of an intrusion blocking software package and an intrusion detecting 
software package (col. 7, lines 25-56). 

Regarding claims 12 and 16, Rothermel discloses the method of claim 11, 
wherein using active inference further comprises automatically classifying the 
individual network device based on an IP address (col. 11, lines 62-67 and col. 
12, lines 1-10), a network topology and one or more services the individual 
network device provides, and applying rules to the individual network device 
based on its classification (col. 10, lines 65-67 and col. 11, lines 1-45).

Regarding claim 13, Rothermel discloses the method of claim 11, wherein 
the database engine is an object-oriented description logic database engine (i.e., 
although Rothermel is silent about it, the GUI disclosed by his system can
well be implemented in an object-oriented language such as Java) (col. 12, lines 
14-67 and col. 13, lines 1-20). 

Regarding claim 14, Rothermel discloses the method of claim 11, wherein
the security software package is selected from the group consisting of an
intrusion blocking software package and an intrusion detecting software package (col.
7, lines 25-56).

Regarding claim 17, Rothermel discloses a method for configuring a
security software package, the method comprising: 

defining one or more security policies for a class of network devices (i.e., 
security policy templates can be viewed as defining levels of trust given to 
various specific devices or classes of devices), wherein the security software 
package is a service running on at least one network device of the class of 
network devices (i.e., security device software 132 and 142)(col. 6, lines 20-32); 

using a database engine (i.e., security policy manager device - Fig. 1)
providing deduction to decompose the one or more security policies for the class 
of network devices into one or more security goals, using a database engine 
providing deduction to associate the one or more security goals with the at least 
one network device (i.e., combining the security policy template 300 with the 
network profile 310 for network 1 to create the security policy 315 for network 
1)(col. 10, lines 24-65); and 

configuring the security software package (i.e., security device software 
132 and 142) on the at least one network device using the one or more security 
goals (i.e., NSD's specific security information)(col. 7, lines 3-56). 

Regarding claim 18, Rothermel discloses a method for configuring security 
software packages, comprising: 

generating a first database containing a configuration of hardware devices 
and software packages installed on a network (i.e., security policy templates -
element 113 on storage 11), wherein the software packages include the security
software packages (col. 6, lines 54-67); 

defining classes of hardware devices installed on the network (i.e., 
security policy templates can be viewed as defining levels of trust given to 
various specific devices or classes of devices), automatically classifying each of 
the hardware devices into one of the classes of hardware devices using a 
database engine (i.e., security policy manager device 110) providing deduction 
(col. 6, lines 7-54); 

generating a second database (i.e., network security information log) 
containing first security goals (col. 7, lines 57-67 and col. 8, lines 1-27); 

decomposing the first security goals (i.e., security policy templates) into 
second security goals (i.e., NSD-specific security policy information) for individual
hardware devices using the database engine and the configuration of the 
hardware devices and the software packages installed on the network (col. 10, 
lines 8-24); and 

configuring the security software package (i.e., security device software 
132 and 142) on the at least one network device using the second security goals 
(i.e., NSD's specific security information)(col. 7, lines 3-56). 

Regarding claim 19, Rothermel discloses the method of claim 18 wherein 
generating a second database containing first security goals further comprises 
generating a second database containing first security goals for each class of 
hardware devices (col. 7, lines 57-67 and col. 8, lines 1-27). 

Regarding claim 20, Rothermel discloses the method of claim 19 wherein
decomposing the first security goals for individual hardware devices further
comprises using inference to associate the second security goals with individual
hardware devices within each class of hardware devices (i.e., the rules in
security policy 315 for network 1, which are to be implemented in network 1,
specifically refer to network elements within network 1. In this sense, they differ
from the rules in security policies 325 and 335, which specifically refer to 
network elements within networks 2 and 3, respectively)(col. 10, lines 8-24). 

Conclusion 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Arezoo Sherkat whose telephone number is 
(571) 272-3796. The examiner can normally be reached on 8:00-4:30
Monday-Friday.

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax 
phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from
the Patent Application Information Retrieval (PAIR) system. Status information
for published applications may be obtained from either Private PAIR or Public
PAIR. Status information for unpublished applications is available through
Private PAIR only. For more information about the PAIR system, see
http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR
system, contact the Electronic Business Center (EBC) at 866-217-9197
(toll-free). If you would like assistance from a USPTO Customer Service
Representative or access to the automated information system, call
800-786-9199 (IN USA OR CANADA) or 571-272-1000.

A.S. 

Patent Examiner 
Group 2131 
October 26, 2006 